Canadian Press reports: An employee from a company that operates a well-traveled toll road in southern Ontario has been charged in a major breach of customer data. York Regional Police allege the 407 Express Toll Route employee used a company computer to access and compile a list of names, addresses and phone numbers of 60,000…
Month: July 2020
Es: Adif hit by cyberattack
Some people might remind us all that threat actors don’t need the media giving them free publicity, but the public is still interested in knowing about what impacts them. And attacks on infrastructure tend to be newsworthy. David Burroughs reports: Spanish infrastructure manager Adif has been hit by a cyberattack in which hackers have claimed…
Garmin services and production go down after ransomware attack
Catalin Cimpanu reports: Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official…
Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…
278k Instacart customer records reportedly hacked, includes order history
Ben Lovejoy reports: Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories … Instacart denies that there has been any breach, and says that if any data is real, it didn’t come…
NY Charges First American Financial for Massive Data Leak
Brian Krebs reports: In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in…